Security Vulnerabilities - CVEs Published In November 2023
Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-11-09
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2023-11-09
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right will be preserved for all future users until the editing session is closed, even if some of them have only the view right. The Collabora server is the one issuing this request, and it seems that the `userCanWrite` query parameter is cached even if, for example, the token is not. This issue has been patched in version 1.3.
CVSS Score: 7.3
EPSS Score: 0.002
Published: 2023-11-09
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via a weak cryptographic algorithm.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-11-09
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
CVSS Score: 9.1
EPSS Score: 0.001
Published: 2023-11-09
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2023-11-09
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2023-11-09
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-11-09
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227.
CVSS Score: 8.0
EPSS Score: 0.036
Published: 2023-11-09
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
CVSS Score: 8.0
EPSS Score: 0.001
Published: 2023-11-09

